Author: mposolda
Date: 2011-11-25 05:00:28 -0500 (Fri, 25 Nov 2011)
New Revision: 8144
Modified:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
Log:
GTNMGMT-33 Fix NPE in PortalLoginModule, which can happen during CLI login
Modified:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
===================================================================
---
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2011-11-25
03:22:16 UTC (rev 8143)
+++
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2011-11-25
10:00:28 UTC (rev 8144)
@@ -92,7 +92,15 @@
try
{
- HttpServletRequest request =
(HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
+ HttpServletRequest request = getCurrentHttpServletRequest();
+
+ // This can be the case with CLI login
+ if (request == null)
+ {
+ log.debug("Unable to find HTTPServletRequest.");
+ return false;
+ }
+
authCredentials =
(Credentials)request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
// If authenticated credentials were presented in HTTP session, it means that
we were already logged on different cluster node
@@ -139,6 +147,7 @@
{
// Add authenticated credentials to session only if we were logged on this host
with "real" credentials
if (getContextMethod != null &&
+ isClusteredSSO() &&
sharedState.containsKey("javax.security.auth.login.name") &&
sharedState.containsKey("javax.security.auth.login.password")
&&
sharedState.get(LOGIN_ON_DIFFERENT_NODE) == null)
@@ -150,9 +159,18 @@
HttpServletRequest request = null;
try
{
- request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
- request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS, wc);
- handleCredentialsRemoving(request);
+ request = getCurrentHttpServletRequest();
+
+ // This can be the case with CLI login
+ if (request == null)
+ {
+ log.debug("Unable to find HTTPServletRequest.");
+ }
+ else
+ {
+ request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS, wc);
+ handleCredentialsRemoving(request);
+ }
}
catch(Exception e)
{
@@ -201,4 +219,22 @@
// TODO: We can't remove credentials from HTTP session right now because
WSRP-Security relies on it. See method WSSecurityCredentialHelper.handleRequest
// request.getSession().removeAttribute(Credentials.CREDENTIALS);
}
+
+ private HttpServletRequest getCurrentHttpServletRequest()
+ {
+ HttpServletRequest request = null;
+ try
+ {
+ if (getContextMethod != null)
+ {
+ request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
+ }
+ }
+ catch (Exception e)
+ {
+ log.debug("Exception when trying to obtain HTTPServletRequest.", e);
+ }
+
+ return request;
+ }
}
Show replies by date